A Penetrating Analysis Case Study Example | Topics and Well Written Essays - 1000 words

A Penetrating Analysis - Case Study ExampleThe executive director had stored his admin password on his mobile phone and had left the phone unattended in his office. At that era he had not realized that his mobile had been tamping bared with or that anyone had retrieved the admin password and user name from it. Approximately both weeks later, a computer virus was uploaded to the companys server and effectively shredded all employee info. Investigations into the attack uncovered evidence from the info dump and the syslog files which indicated that the virus had been directly uploaded from within the organization by the administrator himself. At least, the username and the password the attacker had entered to access the companys server were the administrators. Further investigations revealed the password theft happening and identified the attacker as a disgruntled IT employee, who had just been put on notice by the administrator. The employee in question was, of course, fired an d court-ordered measures were taken against him. The employee records, after the investment of considerable effort and time by the IT department, were retrieved.The seThe security incident exposit in the above, comprises a malicious attack whose potential for damage was significant. The attacker limited himself to the uploaded of a virus but, alternatively, he could have retrieved company information which was of value to competitors, such as client lists and a final cause that the company was putting together, at that time, for a bid. The consequences, in other words, could have been more damaging than they at last were, not because the companys profits security system was effective but because the attackers goal was limited to the uploading of the virus in question.Reflecting upon the security incident outlined in the previous, it is apparent that the network administrator was at fault. Password information should be safeguarded as keys to a vault are, insofar as they are the keys to a corporations nerve inwardness and misuse has the potential to wreak tremendous damage on a corporation. The second security incident which the company confronted was much more serious and occurred as a direct consequence of a photograph in the Cisco router which the company had installed. Apparently, Cisco IOS had a security hole which the company was trying to break up through a parcel patch. Cisco had informed its IOS users that they would need to download and install the new software but had not mentioned the security hole. Therefore, my company and the IT department were, as the case with the countless of companies which used IOS across the world, unaware of the presence of a security hole. Many criminal hackers, however, were and Cisco only admitted it at a much later date (Zetter, 2005).Exploitation of this particular security hole did not mean, as the network administrator explained, that a hacker could enter the corporate network but that he/she could both ta mper with the data and control the data flow. This is precisely what happened. The router password was changed, financial records were tampered with and two orders for financial transfers were sent by the Financial Director to an offshore bank